You are here

Regulatory Requirements

Why shred? It's the law!

Federal law requires businesses, financial firms, and health care providers to protect client and patient information. As of June 2005, under FACTA (the Fair and Accurate Credit Transaction Act), businesses "that possess consumer information for a business purpose must properly dispose of such information. Examples include burning, pulverizing, or shredding papers containing consumer information, or destroying or erasing electronic media containing such information." - Congressional Research Service Feb 3, 2005.

Paper Tiger can help you become aware of and comply with the laws relevant to your business or profession.  Below, you'll see highlights that impact you most from four specific laws:

Law Who's Impacted
FACTA All businesses
HIPAA Health care
Gramm Leach Bliley Financial institutions
Sarbanes-Oxley Publicly-held businesses

FACTA - Fair and Accurate Credit Transactions Act 

Effective June 2005, this law requires businesses that collect customer information to ensure that the information is protected from "unauthorized access or use." In addition, the Disposal Rule requires that when such information is discarded, it must be appropriately destroyed through shredding, burning, or pulverizing. The federal government's website states that "although the Disposal Rule applies to consumer reports and the information derived from consumer reports, the Federal Trade Commission encourages those who dispose of any records containing a consumer's personal or financial information to take similar protective measures."  Paper Tiger can help you adhere to the FACTA without stress or worries.

HIPAA - Health Insurance Portability and Accountability Act

This 1996 law and the accompanying 2002 regulation known as the Privacy Rule restrict how health care providers may handle and disclose of patient health information. In general, health care entities must ensure that only approved personnel handle protected health information and then only for purposes specified in the law and regulation.

Paper Tiger can help your business comply with these requirements by:

  • Storing protected health information in a secure commercial records center;
  • Storing electronic files on our secure servers;
  • Signing a business associate agreement with your medical practice to limit your liability for stored health information;
  • Destroying inactive medical records in accordance with state medical society guidance and in compliance with HIPAA regulations;
  • Converting medical files to encrypted electronic files to:
    • Save office space
    • Provide easy access to records
  • Limit access only to individuals you provide with designated passwords and encryption software.

Gramm Leach Bliley 

This 1999 law requires financial institutions and businesses that receive personal information in the course of conducting their business to establish safeguards for the handling and disclosure of that information.  Paper Tiger can help your business comply with this law by:

  • Storing sensitive hard copy information in our secure commercial records center;
  • Storing sensitive electronic documents on our secure servers;
  • limiting access to sensitive information only to individuals you approve in advance; and
  • Shredding and recycling discarded documents including sensitive paper documents and electronic media to prevent identity theft.

Sarbanes-Oxley

This 2002 legislation creates new requirements for businesses and accountants to maintain corporate audit records for five years beyond the year in which an audit is concluded. The new law also creates penalties for destroying or altering documents that are relevant to contemplated or ongoing investigations or official actions. Paper Tiger can help businesses and accounting firms and their clients comply with the law by:

  • Establishing a retention and destruction schedule for audit documents that complies with federal law;
  • Storing audit records off site to limit the potential for tampering or inappropriate destruction; and
  • Creating electronic versions of paper records to provide "back ups" of original documents in the event that the originals are inadvertently lost, altered, or destroyed.